Cloud Encryption Gaining Solution Providers' Attention

As more data enters the cloud, solution providers are increasingly turning their focus to encryption to keep that data secure.

"It's like a light switch was turned on within the last six months," said Bill Hackenberger, CEO of HighCloud Security, a Mountain View, Calif.-based security vendor. "The debate about putting mission-critical information in the cloud is over. We've seen a much bigger uptake and interest in encryption. It's going into the places where you would expect -- industries like financial services and healthcare -- but the general level of interest is increasing, too."

In a world where channel partners are increasingly looking for new ways to differentiate themselves against their competitors, the ability to bring encryption technologies to customers is emerging as one potential solution. But like many technologies, the movement seems to be gaining momentum in specific industries where the value of data is high, which nearly always translates to high levels of attention from hackers and other cybercriminals seeking to separate people from their money.

"Yes, encryption is definitely a good thing, but whether or not it's practical depends on your specific needs," said Jeremy Przygode, CEO of Stratalux, a Los Angeles-based solution provider "It's a great idea to encrypt your data, but it adds a layer of complexity and computing overhead that may or may not be appropriate for specific types of applications. And there's a definite impact in terms of CPU overhead. Databases are especially difficult to encrypt, as well. But basically, if you have specific concerns about specific data, you should encrypt it."

One of the main considerations when using encryption involves key management, which can either be managed by a service provider for convenience or by the channel partner or customer for added security

"It's always good practice to make sure that you have the keys separate from your data, and you, the customer, want have that control," said Hackenberger. "Key management is often very confusing to people. The language is kind of arcane, and it's counterintuitive to a lot of folks, so we put a lot of energy into maintaining a policy-based management model to keep everything as streamlined as possible."

Anything that goes into the cloud that should not be seen by the public should likely be encrypted, Hackenberger said.

"Many breaches are a result of simple mistakes and errors, and that exposure can happen in a lot of ways," he said. "No matter what your provider does and how good their intent is, you, the data owner, have legal responsibility for that data. And in a lot of cases, you have regulatory issues with which to contend. Encryption is substantially less costly than it used to be. It runs on pretty much any commercial-grade server that is running virtualization, and there's really no reason to avoid it."

And while no security measure can ever be 100 percent effective, the presence of cryptography can persuade cyber criminals to attack less-protected infrastructure instead.

For Allen Falcon, CEO of Cumulus Global, a Westboro, Mass.-based solution provider, selecting an encryption provider is also tantamount to placing a bet on that company's continued success.

"Most of the companies in that space are fairly new, and you have to wonder which ones will survive, and what happens down the road if you need support," he said. "Plus, you don't know that the encryption tool you're using is actually something that [cybercriminals] could not crack."